consolidate firewall definitions

2024-11-25 15:34:02 +02:00 · 2024-11-25 15:34:02 +02:00 · 4e7890d90a
commit 4e7890d90a
parent 24f6a331a4
2 changed files with 17 additions and 23 deletions
--- a/networking/firewall.mod.nix
+++ b/networking/firewall.mod.nix
@ -5,18 +5,31 @@
      networking.nftables.enable = true;
    }
  ];
+
  fructose.modules = [
    {
      networking.firewall = {
        allowedUDPPorts = [
-          #    53 # pihole
-          #    5894 # couchdb
        ];
        allowedTCPPorts = [
-          3000 # forgejo
-          #    5894 # couchdb
+          3000 # forgejo http
+          222 # forgejo ssh
        ];
      };
    }
  ];
+
+  aspartame.modules = [
+    ({
+      services.fail2ban.enable = true;
+      networking.firewall = {
+        interfaces.eth0.allowedTCPPorts = [
+          80
+          222 # this is for forgejo
+          443
+          64783 # this is for murmur
+        ];
+      };
+    })
+  ];
 }
--- a/services/website/website-firewall.mod.nix
+++ b/services/website/website-firewall.mod.nix
@ -1,19 +0,0 @@
-{
-  aspartame.modules = [
-    ({
-      services.fail2ban.enable = true;
-      networking.firewall = {
-        interfaces.eth0.allowedTCPPorts = [
-          80
-          222 # this is for forgejo
-          443
-        ];
-      };
-    })
-  ];
-  fructose.modules = [
-    {
-      networking.firewall.interfaces.eth0.allowedTCPPorts = [ 222 ]; # when someones tries to ssh to forgejo, it goes -> aspartame -> fructose -> forgejo-container --- so fructose also needs this port open.
-    }
-  ];
-}